OCS edge Server SETUP

  • Question

  • Dear Jeff, I think you are the only one who answers my questions.

    Can you please help me? I have a LAN setup in which I have AD 2003, Exchange 2007 and OCS R2; everything is working fine and I can do voice calls and voice mail, everything OK. But now I would like to use Office Communicator from the outside world to talk with LAN users through Office Communicator. That means:

    Office Communicator PC --- internet --- Edge server --- OCS R2 server (AD, Exchange 2007) --- LAN user Office Communicator.

    But for this, I don't know what role I need on the Edge server.

    I mean:
    1. A/V Edge Server or Access Edge Server, or both?

    2. I would like to use an internal CA to issue the certificate, because this is for test purposes only.

    3. We don't have DNS registered. I have one public IP address, and I would like to log on from Office Communicator (outside world) with the public IP address.

    If possible you can email me at EMAIL REMOVED or post it directly. Can you please help me? This is very important.
    Friday, October 16, 2009 1:17 PM

All replies

  • OCS R2 removed the concept of expanded Edge topologies, where you would have multiple Edge servers that performed only specific roles.  A single consolidated Edge server is what you need to complete your tests.  You can use internal certificates as long as the PC(s) that you wish to test this with properly trust the certificate chain you are using, and you can do this all on a single public IP address as long as you use different ports than the standard recommendations (note that in production it is strongly recommended to have multiple IP addresses).

    Microsoft has existing guides to planning and deploying an Edge server which would be the best place to start rather than having someone on the forums recreate the documentation.  Take a look here:  http://technet.microsoft.com/en-us/library/dd425196(office.13).aspx.

    Mike Stacy | Evangelyze Communications | http://www.evangelyze.net/cs/blogs/mike
    Friday, October 16, 2009 1:47 PM
    Moderator
  • 1. In OCS R2 the only Edge role supported now is a consolidated server, so when you run the wizard you will not be given a choice of which components to install.  You'll need to configure all three external Edge roles, but once the setup is complete you can stop and disable the services for the roles you don't want.

    See this article for more details on that: http://blogs.pointbridge.com/Blogs/schertz_jeff/Pages/Post.aspx?_ID=70

    2. You can put internal certificates on the Edge external roles as long as you connect from clients which trust the same issuing/root CA.  Federation with other OCS environments won't work unless you also supply your root certs to them to install on their Edge server.

    Check this article for more on that: http://blogs.pointbridge.com/Blogs/schertz_jeff/Pages/Post.aspx?_ID=79

    3. If you have only a single Public IP address it is possible to configure both the Access Edge and A/V Conferencing roles on it, but utilizing non-default ports for some of the services.  This is a tricky setup and can take some messing around to get working correctly.

    Also take a look at these articles (and the linked MS documents within) for more details on your questions:
    http://blogs.pointbridge.com/Blogs/schertz_jeff/Pages/Post.aspx?_ID=33
    http://blogs.pointbridge.com/Blogs/schertz_jeff/Pages/Post.aspx?_ID=19


    Jeff Schertz, PointBridge | MVP | MCITP: Enterprise Messaging | MCTS: OCS
    Friday, October 16, 2009 1:59 PM
    Moderator
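
Point 2 above, as an added example that is not from the thread participants: a lab-only check with the `openssl` CLI of how a client validates an Edge certificate issued by an internal CA. It goes slightly beyond the post by also checking the name the client connects to; the CA name is constructed, and `sip.kin.com` and `217.25.53.6` are the sample name and address the asker gives later in this thread.

```bash
#!/usr/bin/env bash
# Lab-only sketch: every key, CA and certificate here is generated on the fly.
set -eu
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

make_lab_pki() {
  # Internal root CA (constructed stand-in for the test lab's own CA).
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
    -subj "/CN=Lab Internal Root CA" \
    -keyout "$WORK/ca.key" -out "$WORK/ca.pem" 2>/dev/null
  # Certificate for the Edge external interface, issued by that CA.
  openssl req -newkey rsa:2048 -nodes -subj "/CN=sip.kin.com" \
    -keyout "$WORK/edge.key" -out "$WORK/edge.csr" 2>/dev/null
  printf 'subjectAltName=DNS:sip.kin.com\n' > "$WORK/san.ext"
  openssl x509 -req -in "$WORK/edge.csr" -days 30 \
    -CA "$WORK/ca.pem" -CAkey "$WORK/ca.key" -CAcreateserial \
    -extfile "$WORK/san.ext" -out "$WORK/edge.pem" 2>/dev/null
}

# Client that has NOT imported the internal root: empty trust store.
client_without_root() {
  openssl verify -no-CAfile -no-CApath "$WORK/edge.pem" >/dev/null 2>&1
}

# Client that trusts the internal root and connects by DNS name ($1).
client_with_root_by_name() {
  openssl verify -no-CApath -CAfile "$WORK/ca.pem" \
    -verify_hostname "$1" "$WORK/edge.pem" >/dev/null 2>&1
}

# Same client, but given an IP address ($1) instead of a name.
client_with_root_by_ip() {
  openssl verify -no-CApath -CAfile "$WORK/ca.pem" \
    -verify_ip "$1" "$WORK/edge.pem" >/dev/null 2>&1
}

result() { if "$@"; then echo PASS; else echo FAIL; fi; }

make_lab_pki
echo "root not trusted:           $(result client_without_root)"
echo "root trusted, sip.kin.com:  $(result client_with_root_by_name sip.kin.com)"
echo "root trusted, 217.25.53.6:  $(result client_with_root_by_ip 217.25.53.6)"
```

The IP-address case fails even though the chain is trusted, because the constructed certificate carries only a DNS name.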
  • Dear Mike

    I am going to implement a consolidated Edge server, but the problem is DNS: do I need to have DNS registered? For example, my domain name is kin.com, so the Access Edge server IP address is 192.168.1.25, which is NATed to 217.25.53.6 (public IP address), and the DNS entry will be sip.kin.com.

    But the problem is, from the PC Communicator (outside world), in the Office Communicator properties, if I type the public IP address will I be able to access it, or do I need to register my domain first and then type sip.kin.com?

    Please let me know.
    Friday, October 16, 2009 2:16 PM
  • Dear Mike and Jeff, one more question I have is about this setup:

    Outside PC Communicator --- Internet --- Firewall/router --- switch --- Edge server, AD, OCS R2, Exchange, LAN PC Communicator.

    It means Edge server (192.168.1.25), AD (192.168.1.21), OCS R2 (192.168.1.22), EX (192.168.1.23); let's assume all are in the same network and you have only 1 NIC on the Edge server. This entire LAN is connected to the switch, and from here the connection goes to the firewall/router.
    I have NATed 192.168.1.25 to 217.25.53.6 on the firewall, so on the Edge server I have got only 1 interface. With this scenario,

    can an outside PC with Office Communicator call an inside PC Communicator, or do I need to have 2 LAN cards on the Edge server? Please let me know. This is a bit important. I am waiting for your reply.
    Friday, October 16, 2009 3:12 PM
  • I believe the article I posted before makes it pretty clear regarding the topic of attempting to use a single NIC on the Edge Server.
    http://blogs.pointbridge.com/Blogs/schertz_jeff/Pages/Post.aspx?_ID=33

    Jeff Schertz, PointBridge | MVP | MCITP: Enterprise Messaging | MCTS: OCS
    Friday, October 16, 2009 4:33 PM
    Moderator
  • Dear Jeff

    Thanks for your reply. One last question: I would like to use Office Communicator to log on from the outside world and have a voice call with an inside user. That's it; I do not want any other service.
    For this, which Edge server do I need to install?

    I think for this I need to install only the Access Edge server. So my question is, do I need to install the A/V Edge server also or not? Please let me know. Important, please reply.
    Monday, October 19, 2009 8:35 AM
  • Dear Jeff
    My question is: I have two users: user1@kin.com (situated in the LAN network) and User2 (situated in the outside world) with a laptop and Communicator installed (remote user).

    Now User2 wants to dial a voice call to User1 with Office Communicator. For this I took one computer and set up the Edge Server with three roles.

    Diagram

    Outside user --- internet --- Firewall/Router --- Edge Server/Router --- LAN network (DC, Exchange, Front End server)

    and the IP addresses on the Edge server are:

    LAN network = 192.168.1.0 network and the default gateway is 192.168.1.1.

    I have configured the Edge Server as a router, so the Edge server inside IP address is 192.168.1.1.

    The Edge Server has 3 external interfaces which are connected to a switch, and from there the connection goes to the firewall. The Edge server IP addresses are:
    10.10.10.1 - Access Edge server = NATed as 200.10.10.1 (public, assumed)
    10.10.10.2 - A/V Edge server = NATed as 200.10.10.2 (public, assumed)
    10.10.10.3 - Web Conference server = NATed as 200.10.10.3 (public, assumed)

    Now I am going to do the NAT on the firewall, but I don't know which server I need to do the NAT for so that User2 (outside world user) can log on through Communicator and have a voice call with User1.

    In the Office Communicator properties for User2, what needs to be configured: the IP address or the domain name? Please let me know. I have been stuck for the past 2 weeks.
    Monday, October 19, 2009 9:34 AM
  • If you are using multiple external interfaces then take a look at this article: http://blogs.pointbridge.com/Blogs/schertz_jeff/Pages/Post.aspx?_ID=78

    The Edge server should not be configured as a router in the typical sense for Windows Server; you don't configure any IP routing in the OS.  And make sure you use your public IP addresses in the external DNS records.
    Jeff Schertz, PointBridge | MVP | MCITP: Enterprise Messaging | MCTS: OCS
    Monday, October 19, 2009 1:07 PM
    Moderator
  • Thanks, I will use an external router and I will register DNS. On the outside laptop PC with Communicator, in that PC's Communicator settings I need to configure "sip.contoso.com", am I right?

    If that is right, then do we use the A/V server features with an https:// URL only? Please let me know.
    Monday, October 19, 2009 2:15 PM
  • Dear all, please have a look at this URL for the physical Edge server setup.

    http://www.appliednet.gr/Blog/CategoryView,category,VoIP.aspx

    Other PowerPoint slides are creating a big problem to understand, but this URL clearly explains what the physical setup will be.
    Wednesday, October 21, 2009 3:03 PM